We use cookies and similar technologies to recognize your repeat visits and preferences, to measure the effectiveness of campaigns, and improve our websites. For settings and more information about cookies, view our Cookie Policy. By clicking “I accept” on this banner or using our site, you consent to the use of cookies.

Matters of risk and reward

Two stories last week — encrypted chat apps and VPN services — the pros, the cons, and the risks and tradeoffs of privacy.

Going, going, gone … lawmakers pick the best app for plotting

Politics is a dirty game, so it’s no surprise that plotting politicians turn to encrypted chat apps, and that they take all the steps they can to mitigate one of the most common vulnerabilities of chat apps — untrustworthy co-conspirators.

Why Confide? Like Telegram, Signal (the Democrats choice), and WhatsApp, it offers end-to-end encryption, protecting the content of the chats from being read by unauthorized third parties. However, WhatsApp, the chat app of choice for Conservative MPs thus far, suffers from a key shortfall: chats can be archived and screengrabbed — and so shared with journalists and opponents.

Gossip is currency, and, in the tense, febrile atmosphere of Westminster’s corridors of power, knowledge about what your supposed colleagues are up to can give you a vital edge.

Confide, on the other hand, can’t be screengrabbed; and the messages, which are revealed only one line at a time, self-destruct once they’ve been read.

This saga illustrates a couple of important points about encrypted apps:

It’s worth knowing your risk when you choose a security application. The lawmakers on both sides of the Atlantic turned to Confide because they were vulnerable to their chats being leaked via screenshots. The quality of the encryption wasn’t at issue, although theoretically the GOP staffers’ emails could have been stolen on Confide’s servers. Nonetheless, once that vulnerability was exposed, it was clearly felt that not being able to archive, grab, and share messages was more important.

Whatever your technology, it’s typically the humans who use it that cause security issues. For all lawmakers, the issue isn’t encryption, it’s not being able to trust other people in the conversation.

Knowing your risk means you can focus on the features that are right for you — and the plottings of politicians are good reminders to make sure you know the risk you face.

Not all VPNs are created equal

We all know that VPNs are important if you want to browse the web privately and securely, connect to platforms that might be blocked for political reasons in a country to which you’re travelling, or if you need to access office resources or your home documents securely.

However, as many have written about in some detail, not all VPNs are created equal. Choosing a VPN requires a bit of thought.

You need to consider whether you’re prepared to, say, put up with sharing bandwidth with many other users in return for a free VPN. Or whether you actually need a VPN — perhaps a DNS switcher might suit you better. It’s important to look into whether a VPN provider keeps detailed logs and, if so, what kind of logs and for how long. It’s worth understanding the different ways a provider implements the VPN and the protocols they use.

In short, it’s not a decision to make on the spur of the moment. Sharp-eyed folks earlier this month spotted a new offering called Onavo Protect, a VPN product, popping up on Facebook’s app list in the platform’s iOS mobile app. It has been in both the iOS App Store and the Google Play Store for quite a while and has been downloaded more than 10 million times, according to its listing in Google Play.

When you follow the link to the App Store, it becomes clear that Onavo Protect is a VPN. However, neither the app stores’ listings nor the website have any details about what protocols it uses to establish the VPN and protect your privacy.

That should be a red flag on its own – you need to know what technologies a VPN is using in order to make an informed decision about whether it’s the right VPN for your needs.

Like all VPNs, Onavo Protect captures data about who and what you’re connecting to.

However, rather than that being a byproduct of providing the VPN, collecting metrics is pretty much the app’s core function, and its aim is to provide its parent company, Facebook, with insights into what users are watching, which sites they’re going to, which services they’re using, which they’re shunning, which platforms are popular and which are on the wane.

In short, it’s not about protecting your privacy: it’s about understanding you.

The tech press has been uniform in its condemnation: Extreme Tech calls it “spyware”; Gizmodo calls it “vampiric” and Wired bluntly says “Don’t trust the VPN Facebook wants you to use.”

The fallout from both this and the saga of the lawmakers’ choice of chat apps is a timely reminder that as ever, knowledge is power.

If you know what you want to do with an app, if you know what your comfort zone is with risk and privacy and if you have a reasonable understanding of the technology, you can make smart choices that are right for you and that help keep you secure online.